oauth

OAuth 2.0 leader resigns, says standard is 'bad'

OAuth 2.0 promised to improve authentication on the Net, but its author has resigned from the project after concluding the standard "is a bad protocol."

"When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure," Eran Hammer-Lahav said in a blog post yesterday. "I resigned my role as lead author and editor, [withdrew] my name from the specification, and left the working group...Deciding to move on from an effort I have led for over five years was agonizing." … Read more

Face.com plugs Facebook, Twitter hijacking hole

A hole in the Face.com mobile app KLIK has been closed after a researcher discovered that it could be used to hijack Facebook and Twitter accounts.

KLIK lets people tag faces in photos using Facebook, which recently acquired Israel-based Face.com. But Ashkan Soltani, a privacy and security researcher, found that it also allowed anyone to hijack a KLIK user's accounts on Facebook and Twitter to get access to photos that were private.

"The above attack not only allows access to non-public photos, but also lets the attacker potentially manipulate the Face.com app to automatically 'recognize' … Read more

How Facebook saved some Gawker subscribers

The data breach at Gawker earlier this week had many people scrambling to figure out if their data had been exposed and resetting passwords on other sites just in case they had reused their password there.

The only Gawker subscribers who appeared to have been safe were those who logged in to the site using Login with Facebook (formerly called Facebook Connect), a single sign-on authentication service that lets you use one login for multiple sites as long as you have a Facebook account.

Basically, it works by allowing you to sign in to a Web site using your Facebook …

Webware 100 Editors' Choice: OAuth (Most Important Technology)

Site: OAuth
Category: Editors' Choice, Most Important Technology

OAuth is a developing standard that lets Web services interact with each other on behalf of users, without requiring users to give up their passwords.

Why do we need it? Best reason that makes it clear to almost everyone: Twitter apps. Currently, when you're using a third-party Twitter application, like Tweetdeck for example, you have to give the app your Twitter credentials--user name and password. That's a key to your entire Twitter account. An app like Tweetdeck could, if hacked or written maliciously, log in to your Twitter account and …

Security flaw leads Twitter, others to pull OAuth support

A security hole in OAuth, the open-source protocol that acts as a "valet key" for users' log-in information, has led services like Twitter and Yahoo to temporarily pull their support, CNET News has learned.

Some developers were dismayed when Twitter pulled its support for OAuth, which it had only recently started to implement: blogger Jesse Stay wrote in a post about other restrictions to Twitter's developer API that its removal of OAuth is one of a number of recent examples of how the microblogging service has "pulled the rug out from under its developers."

In …

Twitter OAuth open to all developers

Twitter's OAuth interface is now open to all developers, enabling more secure access to the service via its application programming interface from third-party Web sites. Alex Payne, Twitter's API leader, made the announcement in--what else--a tweet Monday.

OAuth is an open standard for online authentication. It enables a user who stores information such as a password on a particular Web site to then authorize yet another site to access that data, all the while not sharing the user's identity with that site. Twitter OAuth had been offered to some developers in a closed beta a few …

Google adds OAuth to widget mashups

Google has adopted OAuth, an open Web authentication standard for controlling privacy, for its widget platform, Google Gadgets.

If a user has personal information stored on one Web site, OAuth provides a mechanism for him or her to authorize that Web site to share the data with another Web site or widget. It also makes it possible to do this without the first site having to reveal the user's identity to the second site.

Google announced in June that it was to adopt OAuth for sharing data through its Google Data application programming interface. The company on Tuesday said …

Google data-sharing gets authentication option

Google now supports the open OAuth standard for sharing data through its Google Data interface, a move that could make it easier to tap into information stored at Google properties.

The Google Data API (application programming interface)--GData for short--provides a conduit whereby other Web sites can slurp out data stored at Google. For personal information, such as photos at Picasa or contacts at Gmail, access to that information requires authentication. OAuth provides a standard way to perform that authentication, which means programmers at least theoretically should have an easier time writing code.

Google announced the OAuth support Thursday …

Friend Connect gets a warm reception at Google Campfire One

MOUNTAIN VIEW, Calif.--Maybe it was because Google was preaching to the social-networking choir, or maybe it was the toasty campfires and hot cocoa, but demonstrations of Google's new Friend Connect service seemed generally well received Monday night.

Google executives showed off the technology, a Google-hosted application designed to let Web site coders easily add social features to their sites, at the company's third Campfire One event at the company's headquarters here. Previous debuts at the events were of two other significant developer-oriented software technologies, OpenSocial and App Engine.

Program manager Mussie Shore gave the central demonstration …